Fake videos generated by Artificial Intelligence (AI) are more and more convincing. If you have seen Barack Obama call Donald Trump a “complete dipshit” (BuzzFeedVideo 2018), or Mark Zuckerberg brag about having “total control of billions of people’s stolen data” (Yaeger 2019), then you have seen a deepfake. They use a form of AI called deep learning to make images of fake events, thus the name deepfake.
How are they made?
Deepfakes were born in 2017 when a Reddit user of the same name posted modified porn clips on the site. The videos swapped the faces of celebrities on to porn performers. It however requires a few steps to make this happen.
One way is to run thousands of face shots of the two people through an AI algorithm called an encoder. The encoder finds and learns similarities between the two faces, and reduces them to their shared common features, compressing the images in the process. A second AI algorithm called a decoder is then taught to recover the faces from the compressed images. Because the faces are different, you train one decoder to recover the first person’s face, and another decoder to recover the second person’s face. To perform the face swap, you simply feed encoded images into the “wrong” decoder. For example, a compressed image of a person’s face is fed into the decoder trained on another person. The decoder then reconstructs the face of the other person with the expressions and orientation of the first face. For a convincing video, this has to be done on every frame. (Nechu 2020.)
Another way to make deepfakes is to use a Generative Adversarial Network, or GAN. A GAN pits two artificial intelligence algorithms against each other. The first algorithm, known as the generator, is fed random noise and turns it into an image. This synthetic image is then added to a stream of real images of e.g. celebrities, that are fed into the second algorithm, also known as the discriminator. At first, the synthetic images will look nothing like faces. But if you repeat the process countless times – giving feedback on the performance – both the discriminator and the generator improve significantly. Given enough cycles and feedback, the generator will start producing utterly realistic faces of the celebrities. (Brownlee 2019.)
How do you spot one?
It gets harder and harder to spot deepfakes as the technology improves. In 2018, researchers (Li et al. 2018) discovered that deepfake faces do not blink normally. At first, it seemed like a silver bullet, but no sooner than the research had been published, deepfakes appeared with blinking.
It is a race! Governments, universities and technology companies are all funding research to detect deepfakes. In 2020, the first Deepfake Detection Challenge (Meta AI 2020) kicked off, backed by Microsoft, Facebook and Amazon, in which research teams around the globe competed for supremacy in the deepfake detection game.
How do you protect yourself against deepfake attacks and extortion?
Criminals are in the cyber world to make money and ransomware tends to be very successful in order to achieve the goal. Therefore, it has been a logical move for criminals to use deepfakes as a new ransomware tool (FBI 2021).
In the traditional way of sharing ransomware, criminals launch a phishing attack with malware embedded in a captivating deepfake video – but there is also the new way to leverage deepfakes. Criminals can nowadays also show people or businesses in all sorts of illicit fake behaviors, that could damage their reputation if the images went public (FBI 2021).
Besides ransomware, synthetic content is also used in other ways. Threat actors might weaponize data and images to spread lies and scam employees, clients and other people, or to extort them (FBI 2021).
Users have already been duped by phishing attacks, so deepfake phishing attempts will be even more difficult for the average user to detect. Therefore, one should make sure that the cybersecurity awareness training also includes how one tells a deepfake from the real deal – it is easier than one might expect. The technology behind these types of attacks is good, but it is not perfect. In a webinar, Raymond Lee and Etay Maor (2021) explained that facial features are very difficult to perfect, especially the eyes. If the eyes look unnatural or the movement of facial features seem to be off, chances are good that it is an altered image (Lee & Maor 2021).
Another way to detect deepfakes from the real deal is to use a zero-trust philosophy. That is to say; verify whatever you see. Double and triple check the source of the message, and if possible, do an image search in order to try to find the original (Lee & Maor 2021).
The defense systems that have already been implemented will work to prevent deepfake phishing and social engineering attacks. Deepfakes are still in the earliest stages as an attack vector, so cybersecurity teams still have the advantage of preparing defenses as the tools improve. It should however be done as soon as possible.
Read this article in Centria Bulletin
Brownlee, J. 2019. A Gentle Introduction to Generative Adversarial Networks (GANs). Available at: https://machinelearningmastery.com/what-are-generative-adversarial-networks-gans/. Referenced 19th September 2022.
BuzzFeedVideo 2018. You Won’t Believe What Obama Says In This Video! Available at: https://www.youtube.com/watch?v=cQ54GDm1eL0. Referenced 16th September 2022.
FBI 2021. Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations. Available at: https://www.ic3.gov/Media/News/2021/210310-2.pdf. Referenced 19th September 2022.
Lee R. & Maor E.2021. From Disinformation to Deepfake. Available at: https://catonetworks.easywebinar.live/registration-81. Referenced 19th September 2022.
Li Y., Chang M.-C. & Lyu S. 2018. In Ictu Oculi: Exposing AI Generated Fake Face Videos by Detecting Eye Blinking. Available at: https://doi.org/10.48550/arXiv.1806.02877. Referenced 16th September 2022.
Meta AI 2020. Deepfake Detection Challenge Dataset. Available at: https://ai.facebook.com/datasets/dfdc/. Referenced 16th September 2022.
Nechu B. M. 2020. What is an encoder decoder model? Available at: https://towardsdatascience.com/what-is-an-encoder-decoder-model-86b3d57c5e1a. Referenced 19th September 2022.
Yaeger, L. 2019. Zuckerberg deepfake SPECTRE video. Available at: https://www.youtube.com/watch?v=Ox6L47Da0RY. Referenced 16th September 2022.